module but at least the code can be updated on the fly (or replaced
with some other secondary alternative module in the future).
src/charsys.c -> src/modules/charsys.c
This also means everyone needs to load the modules/charsys module.
See https://www.unrealircd.org/docs/Nick_Character_Sets
Example: set { allowed-nickchars { latin-utf8; }; };
Important remarks:
* All your servers must be on UnrealIRCd 4.0.17 (or later)
* Most(?) services do not support this, so users using UTF8 nicknames
won't be able to register at NickServ.
* In set::allowed-nickchars you must either choose an utf8 language
or a non-utf8 character set. You cannot combine the two.
* You also cannot combine multiple scripts/alphabets, such as:
latin, greek, cyrillic and hebrew. You must choose one.
* If you are already using set::allowed-nickchars on your network
(eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'):
* Your clients may still assume non-UTF8
* If users registered nicks with accents or other special characters
at NickServ then they may not be able to access their account
after the migration to UTF8.
[!] Work in progress [!]
* API change for HOOKTYPE_PRE_INVITE:
(aClient *sptr, aClient *target, aChannel *chptr, int *override)
Modules must now send the error message instead of only returning
HOOK_DENY. Also check for operoverride and set *override=1.
This so modules can send their own error messages instead of the
default message being sent ("channel is +V" - which is not true).
Reported by Gottem (#5023).
https://www.unrealircd.org/docs/Link_verification
This is only outputted if both sides are 4.0.16+ so we can use spkifp
and use the same instruction on both sides of the link.
(If we would do it for previous versions then we would only give
half of the instructions to the users, which makes no sense)
password "AHMYBevUxXKU/S3pdBSjXP4zi4VOetYQQVJXoNYiBR0=" { spkifp; };
This value will stay the same even for new SSL/TLS certificates,
as long as the key stays the same. This can be useful in case of
Let's Encrypt (if you use a tool that keeps the same key, that is,
certbot does not at the moment). Suggested by grawity (#5014).
Also make auth type 'sslclientcert' available as 'cert' and
make 'sslclientcertfp' available as 'certfp'.
places by spamfilters (and some other systems) to be placed not on *@ip
but rather on user@ip. Note that this won't work for ZLINE/GZLINE since
no ident/username lookups are done in such cases.
Bit of a niche feature but okay..
This so saslmechs are properly sent in case of services (re)connect,
otherwise the CAP NEW is sent too early when the saslmechs are
not known yet.
NOTE: This makes sending "EOS" mandatory for any SASL servers.
You should be doing this since 14 years ago (it was added
in 3.2beta18 in August 2003) so hopefully that is the case.
Anope is good anyway :)
Fix force-rejoin not working if doing SVSMODE -x/+x (Koragg, #5015).
Note to module coders:
Please use the following procedure in case of an user/host change:
* userhost_save_current(acptr);
* << change username or hostname here (or both) >>
* userhost_changed(acptr);
This function will take care of notifying other clients about
the userhost change, such as doing PART+JOIN+MODE if force-rejoin
is enabled, and sending :xx CHGHOST user host messages to
"CAP chghost" capable clients.
Also, small note to everyone:
If force-rejoin is enabled we will not send the PART+JOIN+MODE to
"CAP chghost" capable clients. Doing so is just a hack to notify
people of a userhost change. "CAP chghost" users can thus benefit
from the reduced noise in this respect.
would allow you to use -f even if the IRCd is suid or sgid.
This is not anything we or you ever want to permit since this is
a major security problem. This setting is now gone. I doubt
anyone used it.
You should always use https://www.unrealircd.org/ for stable releases.
In case you wondered what happened with 4.0.15: that version consists
of cherry-picked / backports of the two crash fixes from this 'unreal40'
development branch. The current code simply wasn't ready yet for a
rushed security release.
Delete CAP CLEAR as it's use is discouraged (too much trouble).
Delete CAP ACK (from client2server) as this is only for CAP's with
ack modifiers. This is something we don't use, and which has been
deprecated in v3.2 of the spec.
This so upcoming UnrealIRCd version will work with TLSv1.3 whenever it
becomes an official standard and is included in OpenSSL/LibreSSL.
(Verified to work with openssl git master branch)
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
Bram Matthys